{"id":5203,"date":"2020-12-20T17:16:49","date_gmt":"2020-12-20T04:16:49","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=5203"},"modified":"2020-12-20T17:16:49","modified_gmt":"2020-12-20T04:16:49","slug":"who-expected-to-be-happening-in-the-us-now","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=5203","title":{"rendered":"The Worst Hack in US History"},"content":{"rendered":"<p>In the last week, we\u2019ve seen two major successful attacks on critical US IT management and cyber security tools.<\/p>\n<p>The first we learned about was on FireEye, which is one of the leading and most trusted cyber security tools, used by much of the Fortune 500.\u00a0 <a href=\"https:\/\/www.nytimes.com\/2020\/12\/08\/technology\/fireeye-hacked-russians.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.nytimes.com\/2020\/12\/08\/technology\/fireeye-hacked-russians.html<\/a><\/p>\n<p><a 
href=\"http:\/\/kinetics.co.nz\/wp-content\/uploads\/2020\/12\/Fireeye.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-5204\" src=\"http:\/\/kinetics.co.nz\/wp-content\/uploads\/2020\/12\/Fireeye.jpg\" alt=\"\" width=\"420\" height=\"240\" \/><\/a><\/p>\n<p>The second one that we read about was Solarwinds \u2018Orion\u2019 &#8211; a well-known and commonly used network management tool from Solarwinds. Most IT businesses, including ourselves, use Solarwinds products, although we don\u2019t use their Orion software, so we are unaffected by this hack. <a href=\"https:\/\/www.theguardian.com\/world\/2020\/dec\/14\/solarwinds-breach-orion-hacked-cyber-espionage\">Orion hack exposed vast number of targets \u2013 impact may not be known for a while | Espionage | The Guardian<\/a><\/p>\n<p>By attacking the tools that organisations use, the hackers have managed to compromise a number of these organisations, including such giants as the US Energy Dept (<a href=\"https:\/\/www.bbc.com\/news\/world-us-canada-55358332\">https:\/\/www.bbc.com\/news\/world-us-canada-55358332<\/a>), in what seem to be named the \u2018Sunburst\u2019 hacks.<\/p>\n<h2><strong>Who is affected?<\/strong><\/h2>\n<p><strong>The media are not underplaying the seriousness of this breach.\u00a0<\/strong> Russian state actors appear to have used a supply chain hack via Solarwinds&#8217; Orion software to infiltrate the US departments of State and Homeland Security.\u00a0 
It&#8217;s reported that around the world 18,000 companies and government organisations use the hacked version of the software.\u00a0 It&#8217;s believed that around 40 were actively targeted.<\/p>\n<p>Kinetics use the Solarwinds N-central product.\u00a0 Orion and N-central do not share infrastructure or services.\u00a0 Within Solarwinds these are separate business units.\u00a0 Because Orion is used by the US government, the FBI, Homeland Security and other US government agencies are assisting Solarwinds.\u00a0 There is no indication that any product other than Orion has been breached.\u00a0 To be safe, Solarwinds has released an update to N-central.\u00a0 The update resets a key digital security feature, making previous versions invalid.\u00a0 Kinetics will be deploying this updated version this week.\u00a0 The update will have no impact on any clients.<\/p>\n<h2><strong>This is being called the gravest cyber-intrusion in US history<\/strong><\/h2>\n<p>All of these businesses are reputable, careful and well-protected.\u00a0 The hacks are being reported as \u2018state-sponsored\u2019, with fingers being pointed at Russia, although we noted the White House named China according to one report.<\/p>\n<p>It seems that the hackers chipped away slowly over many months, getting a little access here, adding to it there, combining various cracks in the armour until eventually they gained access.<\/p>\n<p>In our interconnected world, it is likely that we will unwittingly use software that relies on one of these, as some of the tools are in the \u2018supply chain\u2019 \u2013 a cloud system might rely on a hosting partner that uses one of these tools, or on a key supplier who, in turn, relies on software that is used by one of these.<\/p>\n<h2><strong>If even the best can be compromised, what hope is there for the rest of us?<\/strong><\/h2>\n<p>This is a timely reminder that everyone is under attack all the time.\u00a0 The breach of a $5 billion 
company makes headlines, whereas most intrusions get no attention outside the victim company.<\/p>\n<p>The fundamental point we\u2019d make is <strong>anyone can be a target, and no one can guarantee to prevent a cyber incident.\u00a0 What we can do is reduce risk.<\/strong>\u00a0 That is what <a href=\"http:\/\/kinetics.co.nz\/kare-for-security-s1\/\" target=\"_blank\" rel=\"noopener\">KARE for Security<\/a> does, with some technology and some human education.\u00a0 We must keep reminding people how to be alert, how to act and how to check anything that is suspicious.<\/p>\n<p>Coming early in the New Year will be an extended KARE for Security offering that, amongst other protections, will include a tool for detecting \u2018shadow IT\u2019.\u00a0 We are each responsible for the data we keep, whether we keep it on our own platform, or on a cloud system or SaaS system we use.\u00a0 The level of responsibility keeps increasing alongside the heightened risk.<\/p>\n<p>Reference: <a href=\"https:\/\/www.usatoday.com\/story\/tech\/2020\/12\/14\/fireeye-solarwinds-hack-breach-cybersecurity-attack\/6538645002\/\" target=\"_blank\" rel=\"noopener\">FireEye, Solarwinds hack: What you need to know about US cyber attack (usatoday.com)<\/a><\/p>\n<p>If you want to know more about our innovative, practical security solutions (more than just software) &#8211; then <a href=\"http:\/\/kinetics.co.nz\/contactus\/\" target=\"_blank\" rel=\"noopener\">contact us now!<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the last week, we\u2019ve seen two major successful attacks on critical US IT management and Cyber security tools. 
The first we learned about was on FireEye which is one of the leading and most trusted cyber security tools, used by much of the Fortune 500.\u00a0 https:\/\/www.nytimes.com\/2020\/12\/08\/technology\/fireeye-hacked-russians.html The second one that we read about was [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6144,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-5203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/5203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5203"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/5203\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5203"}],"wp:term":[{"tax
onomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}